Oooops, thanks for catching that! It's LGTM:) Christoph Müllner <christoph.muell...@vrull.eu> 於 2024年6月15日 週六 04:58 寫道:
> I triggered an ICE on Ubuntu 24.04 when compiling code that uses > function attributes. Looking into the sources shows that we have > a systematic issue in the attribute handling code: > * we determine the length with strlen() (excluding the terminating null) > * we allocate a buffer with this length > * we copy the original string using strcpy() (incl. the terminating null) > > To quote the man page of strcpy(): > "The programmer is responsible for allocating a destination buffer > large enough, that is, strlen(src) + 1." > > The ICE looks like this: > > *** buffer overflow detected ***: terminated > xtheadmempair_bench.c:14:1: internal compiler error: Aborted > 14 | { > | ^ > 0xaf3b99 crash_signal > /home/ubuntu/src/gcc/scaleff/gcc/toplev.cc:319 > 0xe5b957 strcpy > /usr/include/riscv64-linux-gnu/bits/string_fortified.h:79 > 0xe5b957 riscv_process_target_attr > > /home/ubuntu/src/gcc/scaleff/gcc/config/riscv/riscv-target-attr.cc:339 > 0xe5baaf riscv_process_target_attr > > /home/ubuntu/src/gcc/scaleff/gcc/config/riscv/riscv-target-attr.cc:314 > 0xe5bc5f riscv_option_valid_attribute_p(tree_node*, tree_node*, > tree_node*, int) > > /home/ubuntu/src/gcc/scaleff/gcc/config/riscv/riscv-target-attr.cc:389 > 0x6a31e5 handle_target_attribute > /home/ubuntu/src/gcc/scaleff/gcc/c-family/c-attribs.cc:5915 > 0x5d3a07 decl_attributes(tree_node**, tree_node*, int, tree_node*) > /home/ubuntu/src/gcc/scaleff/gcc/attribs.cc:900 > 0x5db403 c_decl_attributes > /home/ubuntu/src/gcc/scaleff/gcc/c/c-decl.cc:5501 > 0x5e8965 start_function(c_declspecs*, c_declarator*, tree_node*) > /home/ubuntu/src/gcc/scaleff/gcc/c/c-decl.cc:10562 > 0x6318ed c_parser_declaration_or_fndef > /home/ubuntu/src/gcc/scaleff/gcc/c/c-parser.cc:2914 > 0x63a8ad c_parser_external_declaration > /home/ubuntu/src/gcc/scaleff/gcc/c/c-parser.cc:2048 > 0x63b219 c_parser_translation_unit > /home/ubuntu/src/gcc/scaleff/gcc/c/c-parser.cc:1902 > 0x63b219 c_parse_file() > /home/ubuntu/src/gcc/scaleff/gcc/c/c-parser.cc:27277 > 0x68fec5 c_common_parse_file() > /home/ubuntu/src/gcc/scaleff/gcc/c-family/c-opts.cc:1311 > Please submit a full bug report, with preprocessed source (by using > -freport-bug). > Please include the complete backtrace with any bug report. > See <https://gcc.gnu.org/bugs/> for instructions. > > gcc/ChangeLog: > > * config/riscv/riscv-target-attr.cc > (riscv_target_attr_parser::parse_arch): > Fix allocation size of buffer. > (riscv_process_one_target_attr): Likewise. > (riscv_process_target_attr): Likewise. > > Signed-off-by: Christoph Müllner <christoph.muell...@vrull.eu> > --- > gcc/config/riscv/riscv-target-attr.cc | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/gcc/config/riscv/riscv-target-attr.cc > b/gcc/config/riscv/riscv-target-attr.cc > index 1a73d69bf50..19eb7b06d54 100644 > --- a/gcc/config/riscv/riscv-target-attr.cc > +++ b/gcc/config/riscv/riscv-target-attr.cc > @@ -109,7 +109,7 @@ riscv_target_attr_parser::parse_arch (const char *str) > { > /* Parsing the extension list like "+<ext>[,+<ext>]*". */ > size_t len = strlen (str); > - std::unique_ptr<char[]> buf (new char[len]); > + std::unique_ptr<char[]> buf (new char[len+1]); > char *str_to_check = buf.get (); > strcpy (str_to_check, str); > const char *token = strtok_r (str_to_check, ",", &str_to_check); > @@ -247,7 +247,7 @@ riscv_process_one_target_attr (char *arg_str, > return false; > } > > - std::unique_ptr<char[]> buf (new char[len]); > + std::unique_ptr<char[]> buf (new char[len+1]); > char *str_to_check = buf.get(); > strcpy (str_to_check, arg_str); > > @@ -334,7 +334,7 @@ riscv_process_target_attr (tree fndecl, tree args, > location_t loc, > return false; > } > > - std::unique_ptr<char[]> buf (new char[len]); > + std::unique_ptr<char[]> buf (new char[len+1]); > char *str_to_check = buf.get (); > strcpy (str_to_check, TREE_STRING_POINTER (args)); > > -- > 2.45.1 > >